State of MCP client/server security #717
dvag-joerg-winter started this conversation in Ideas
Judging from Koog's repository & examples, there seems to be no (documented) way to implement secure MCP communication as specified here:
https://modelcontextprotocol.io/specification/2025-06-18/basic/authorization
Is this correct?
If yes, could you at this stage outline (only very high level) whether the MCP client (somewhere behind McpToolRegistryProvider...?) will be configurable, so that an existing auth token is used for secured communication with MCP servers?
The 'existing' token was, for example, acquired from an existing Keycloak authorization server of some organization, and all MCP tool calls must be done in the context of this token (which, for example, would be a Keycloak user login).
The only examples for secure MCP communication (in the JVM universe, so far as I could find any) are for Spring AI, which currently does not have this possibility yet.
Instead, the MCP client in Spring AI seems to acquire the token itself from a configured auth server, which is not what we (and my guess is most other use cases too..) want, because our Koog/Spring AI application already has the end user's token, in which context all tool calls must be executed.
If this discussion, at the moment, should be boiled down to some other level/focus, I would appreciate that too.. because this obviously is 'in development' (regarding the Kotlin MCP SDK for example).. but any info on Koog's (planned) MCP security is welcome!